Security update for hdf5

Announcement ID: SUSE-SU-2022:1903-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-17505 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2017-17505 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-17506 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
  • CVE-2017-17506 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-17508 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2017-17508 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-17509 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  • CVE-2017-17509 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2018-11202 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2018-11202 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-11203 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-11203 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-11204 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-11204 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-11206 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
  • CVE-2018-11206 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  • CVE-2018-11207 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-11207 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-13869 ( SUSE ): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
  • CVE-2018-13869 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-13870 ( SUSE ): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L
  • CVE-2018-13870 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-14032 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-14033 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-14033 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2018-14460 ( SUSE ): 3.6 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L
  • CVE-2018-14460 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2018-17233 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17233 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17234 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17234 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17237 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17237 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17432 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17432 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17433 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17433 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17434 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17434 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17435 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17435 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17436 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17436 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17437 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17437 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-17438 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-17438 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-10809 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
  • CVE-2020-10809 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-10810 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-10810 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-10811 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-10811 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise High Performance Computing 15 SP1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1

An update that solves 27 vulnerabilities, contains four features and has five security fixes can now be installed.

Description:

This update for hdf5 fixes the following issues:

Security issues fixed:

  • CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405).
  • CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401).
  • CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404).
  • CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570).
  • CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c. (bsc#1109569).
  • CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568).
  • CVE-2018-17435: Fixed heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c (bsc#1109567).
  • CVE-2018-17434: Fixed SIGFPE signal raise in function apply_filters() of h5repack_filters.c (bsc#1109566).
  • CVE-2018-17433: Fixed heap-based buffer overflow in ReadGifImageDesc() in gifread.c (bsc#1109565).
  • CVE-2018-17432: Fixed NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c (bsc#1109564).
  • CVE-2018-17237: Fixed SIGFPE signal raise in the function H5D__chunk_set_info_real() (bsc#1109168).
  • CVE-2018-17234: Fixed memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167).
  • CVE-2018-17233: Fixed SIGFPE signal is raise in the function H5D__create_chunk_file_map_hyper (bsc#1109166).
  • CVE-2018-14460: Fixed heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c (bsc#1102175).
  • CVE-2018-14033: Fixed heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c (bsc#1101471).
  • CVE-2018-14032: Fixed heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c (bsc#1101474).
  • CVE-2018-13870: Fixed heap-based buffer over-read in the function H5O_link_decode in H5Olink.c (bsc#1101493).
  • CVE-2018-13869: Fixed memcpy parameter overlap in the function H5O_link_decode in H5Olink.c (bsc#1101495).
  • CVE-2018-11207: Fixed division by zero was discovered in H5D__chunk_init in H5Dchunk.c (bsc#1093653).
  • CVE-2018-11206: Fixed out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c (bsc#1093657).
  • CVE-2018-11204: Fixed NULL pointer dereference in H5O__chunk_deserialize in H5Ocache.c (bsc#1093655).
  • CVE-2018-11203: Fixed division by zero in H5D__btree_decode_key in H5Dbtree.c (bsc#1093649).
  • CVE-2018-11202: Fixed NULL pointer dereference in H5S_hyper_make_spans in H5Shyper.c (bsc#1093641).
  • CVE-2017-17509: Fixed out of bounds write vulnerability in function H5G__ent_decode_vec (bsc#1072111).
  • CVE-2017-17508: Fixed divide-by-zero vulnerability in function H5T_set_loc (bsc#1072108).
  • CVE-2017-17506: Fixed out of bounds read in the function H5Opline_pline_decode (bsc#1072090).
  • CVE-2017-17505: Fixed NULL pointer dereference in the function H5O_pline_decode (bsc#1072087).

Bugfixes:

  • Fix library link flags on pkg-config file for HPC builds (bsc#1134298).
  • Fix .so number in baselibs.conf for libhdf5_fortran libs (bsc#1169793).
  • Fix python-h5py packages built against out-of-date version of HDF5 (bsc#1196682).
  • Fix netcdf-cxx4 packages built against out-of-date version of HDF5 (bsc#1179521).
  • Add build support for gcc10 to HPC build (bsc#1174439).
  • Add HPC support for gcc8 and gcc9 (jsc#SLE-7766 & jsc#SLE-8604).
  • Enable openmpi3 builds for Leap and SLE > 15.1 (jsc#SLE-7773).
  • HDF5 version Update to 1.10.5 (jsc#SLE-8501).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1903=1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1903=1

Package List:

  • SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (noarch)
    • hdf5-hpc-examples-1.10.8-150100.7.4.3
    • hdf5-gnu-mvapich2-hpc-devel-1.10.8-150100.7.4.3
    • hdf5-gnu-mpich-hpc-devel-1.10.8-150100.7.4.3
    • hdf5-gnu-openmpi2-hpc-devel-1.10.8-150100.7.4.3
    • hdf5-gnu-hpc-devel-1.10.8-150100.7.4.3
  • SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (aarch64 x86_64)
    • libhdf5_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3
    • libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.4.3
    • libhdf5_hl_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.4.3
    • libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-openmpi2-hpc-debugsource-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150100.7.4.3
    • libhdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_hl-gnu-hpc-1.10.8-150100.7.4.3
    • libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150100.7.4.3
    • libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.4.3
    • libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_hl_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.4.3
    • libhdf5_fortran-gnu-openmpi2-hpc-1.10.8-150100.7.4.3
    • libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3
    • libhdf5_hl_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3
    • libhdf5-gnu-mvapich2-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3
    • libhdf5hl_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5-gnu-mpich-hpc-1.10.8-150100.7.4.3
    • libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-mvapich2-hpc-debugsource-1.10.8-150100.7.4.3
    • libhdf5_hl_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3
    • libhdf5_hl-gnu-openmpi2-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-mpich-hpc-debugsource-1.10.8-150100.7.4.3
    • libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150100.7.4.3
    • hdf5_1_10_8-hpc-examples-1.10.8-150100.7.4.3
    • libhdf5_hl_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150100.7.4.3
    • libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150100.7.4.3
    • libhdf5-gnu-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-hpc-debugsource-1.10.8-150100.7.4.3
    • libhdf5_fortran-gnu-hpc-1.10.8-150100.7.4.3
    • libhdf5_fortran_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_hl-gnu-mpich-hpc-1.10.8-150100.7.4.3
    • libhdf5_cpp_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_hl_cpp-gnu-hpc-1.10.8-150100.7.4.3
    • libhdf5_fortran-gnu-mpich-hpc-1.10.8-150100.7.4.3
    • libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3
    • libhdf5_hl_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3
    • libhdf5_cpp-gnu-openmpi2-hpc-1.10.8-150100.7.4.3
    • libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-openmpi2-hpc-devel-static-1.10.8-150100.7.4.3
    • libhdf5_cpp-gnu-mpich-hpc-1.10.8-150100.7.4.3
    • libhdf5_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_cpp_1_10_8-gnu-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-openmpi2-hpc-devel-1.10.8-150100.7.4.3
    • libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_hl_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-hpc-module-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-openmpi2-hpc-debuginfo-1.10.8-150100.7.4.3
    • libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150100.7.4.3
    • libhdf5hl_fortran_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-openmpi2-hpc-module-1.10.8-150100.7.4.3
    • libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-debuginfo-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-hpc-devel-1.10.8-150100.7.4.3
    • libhdf5_cpp_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3
    • hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150100.7.4.3
    • libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3